Potential denial of service in bson rubygem
Published: April 29, 2020
SECURITY IDENTIFIERS
- CVE: CVE-2015-4411 (NVD)
- GHSA: GHSA-qh4w-7pw3-p4rp
GEM
SEVERITY
CVSS v3.x: 7.5 (High)
PATCHED VERSIONS
>= 3.0.4
DESCRIPTION
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.